Ultimate Guide to Measuring Software Quality

Measuring software quality can be a challenge. Discover which software metrics to consider and advice for defining quality criteria and driving continuous improvement.

Lauren Craigie
May 16, 2024

Software quality isn't just about defect density; it embodies the reliability, performance, and security that underpin digital trust and user satisfaction.

But measuring software quality can be as challenging as defining it. In this post, we'll demystify the complexities around assessing software quality and provide actionable insights for you and your software development team.

The Essence of Quality in Software

Software quality refers to how well a software product or application meets specified customer and developer expectations. High quality software should score highly in the following:

  • Reliability: The software should perform its required functions under stated conditions for a specified period of time without failure. Reliability is crucial for ensuring that software applications are dependable and can consistently execute tasks as expected.
  • Performance: It should operate well in terms of responsiveness, efficiency, resource consumption, and scalability under a given workload. High-performing software delivers a seamless user experience with minimal delays or resource overhead.
  • Security: Quality software should protect against unauthorized access, use, disclosure, disruption, modification, or destruction. This includes safeguarding data integrity, confidentiality, and availability, as well as quickly and effectively identifying vulnerabilities.
  • Maintainability: Good software should be easy for developer to work with and modify to correct defects, improve performance, or adapt to a changing environment. Software with high maintainability is easier to update and extend, reducing the long-term cost of ownership.
  • Speed: Although closely related to performance, speed specifically addresses the software's ability to execute tasks and processes quickly. This dimension is particularly important in environments where rapid processing and response times are critical to success.

While software quality relies—to a certain extent—on code quality, it is important not to confuse the two. Where software quality refers to how software functions and is reworked, code quality refers to the internal aspects of the development process, often specific to the lines of code. Good code quality is necessary for software quality, but not sufficient.

Of course, software quality is not limited to the end product, but also refers to the process of how the software is built. We call these process quality and product quality, and they refer to internal and external markers of quality.

Product Quality

The 'what' of software quality - or quality of the software itself. Product quality emphasizes the software's external attributes, how it meets customer needs, and how those needs change over time. This includes product metrics on functionality, reliability, usability, performance, security, and maintainability, all critical for a successful product and visible when the software project is in the market.

Process Quality

The 'how' of software quality. Process quality references the underlying software engineering practices and methodologies necessary to yield a high-quality product. It stresses on the robustness of the software development process, including adhering to coding standards across all lines of code, defect prevention practices, and development environment health. Process quality is a driver of product quality, and is crucial for sustainable development practices. Good products built poorly will incur considerable costs down the line if code is unreadable or it doesn't integrate with CI/CD practices.

Effective development teams drive and maintain standards across both process and product, even throughout deadlines and capacity crunches. This involves some strategic planning and a culture of improving developer experience, as well as an ability to prioritize value over pure velocity.

How to measure software quality

Setting out to measure software quality sounds straightforward, but you'll find that you quickly face a number of challenges. Quality inputs are often subjective, complex or both. A lack of standardization across the development environment can make it hard to get a definitive assessment, and there are often a lot of inputs and outputs to consider with limited resources and time.

Bearing this in mind, you should consider the following steps when looking to measure and improve software quality.

Define quality objectives and criteria

The first step towards improving quality is defining what it means in the context of your production environment and your users. Start by considering programming language, development methodology (e.g. Agile, Waterfall), and project size and complexity. Smaller and simpler projects will align with established criteria to gauge quality, but you will have to be more strategic when assessing complex projects.

Once you have mapped out the strategic approach to quality, you can start to weigh up your subjective needs. maintainability might be critical for a product with a long shelf life, usability might take priority for one-off projects under time pressure. Setting these benchmarks early sets expectation and focus, aligning team members on what success looks like.

Implement robust code review processes

Robust code reviews are crucial for software quality, from source code down. They should include not only peer reviews by internal testers, but also integrating manual tests and automated software testing within the development lifecycle. Automated tests, including unit tests, integration tests, and functional tests, based on clear test metrics, can help catch issues early when they are easier and less costly to fix. Combined with the nuanced input from peer code reviews, this test coverage helps to foster a culture of attention to detail and collective responsibility for the codebase's quality.

Utilize quality assurance practices

Quality assurance (QA) practices, including continuous integration (CI) and continuous delivery (CD) pipelines, are essential for maintaining and improving software quality. CI/CD pipelines automate the build, test, and deployment processes, ensuring that changes are reliably and efficiently integrated into the existing codebase. This automation helps to identify a number of defects early, reducing the rate errors in the production environment and facilitating rapid, consistent releases.

Monitor and Analyze Software Quality Metrics

High quality metrics make for high quality software. These should strike a balance, including qualitative (user feedback, developer insights) and quantitative (code coverage, cyclomatic complexity, and defect density) metrics. They should also cover both technical aspects of the code and end user experience to monitor process and product quality. Examples of important metrics include:

  • Code complexity
  • Defect density
  • Mean time to failure (MTTF)
  • Mean time to repair (MTTR)
  • Customer satisfaction scores
  • Deployment frequency

Collect Feedback and Iterate

Software quality is a moving target, and feedback from users and stakeholders represents a vital step in the constant pursuit of higher standards. Iterating based on this feedback allows teams to make informed decisions about where to focus their quality improvement efforts, keeping developers in the loop while ensuring that the software evolves in alignment with user requirements.

Foster a Culture of Quality

Culture eats strategy for breakfast, and the best thing you can do for customers is set internal expectations of sustained improvement in software quality. Encourage practices that emphasize quality at every stage of the development process and recognize contributions to quality improvements. For more insights on building a culture of reliability and quality, consider downloading this eBook.

Drive Continuous Improvement

Continuous improvement means regularly revisiting and refining every step of the development lifecycle, from planning and design to deployment and feedback collection. This means checklists and formalized initiatives and reviews, but also draws from the above point on culture. Embracing a mindset of continuous learning and adaptation helps teams stay ahead of emerging challenges and ensures that the software remains relevant, reliable, and high-performing over time.

Why does software quality matter

It should be clear by now that QA work does not represent friction or an impediment, but rather a strategic role that drives better outcomes for customers and the overall brand. The role of QA is to provide visibility on product quality, which should be an existential concern for any company with developers on the payroll. High quality software drives everything from share price and brand to retention and employee satisfaction.

Poor quality software, on the other hand, carries greater risks than just disappointing customers. High defect rates and reliability issues lead to increased operational costs with more frequent fixes, patches, and updates. This not only consume valuable development resources but erodes customer trust and satisfaction, potentially leading to lost sales and missed opportunities. Users will vote with their wallets for more reliable solutions.

In sectors where software failures can compromise safety or violate data protection regulations, organizations may face even severe legal and regulatory consequences. These can include hefty fines, mandated recalls, or even class action lawsuits, causing damage to the company's public image that can be costly and difficult to repair. High software quality is not only about delighting the customer, but also about mitigating financial risks and legal liabilities.

Consider some real world examples. In 2013 the launch of was marred by quality issues that included slow performance, timeouts and crashes. This caused severe difficulty for the government and threatened then President Obama's flagship healthcare policy. The previous year in 2012 a flaw in software deployment caused Knight Capital Group to accidentally execute trades in the market rather than in an internal simulation. This lost the firm $440 million in just 45 minutes and collapsed the stock price by more than 70%.

Software quality pays dividends in more forms than just user satisfaction and trust; it's currency for maintaining brand equity, lowering support costs, and accelerating time-to-market. And it is always worth considering the inverse scenario — poor software quality catalyzes a slippery slope of technical debt, increased operational burden, and customer churn.

How does DevEx correlate to software quality?

Software quality isn’t just another output based on metrics. It is an emergent property from a system that's primarily made up of people – your developers. Standards and expectations for software quality evolve over time, but the needs of people has been remarkably consistent for centuries. Your developers want to have autonomy, they want to automate away toil and to minimize cognitive load, and they want a tool set that enables creativity rather than driving productivity while risking fatigue and burnout.

In other words, they want good DevEx. Getting it right means considering productivity engineering from first principles rather than just adding another 20% to their salaries. While you will need sensible metrics to crack DevEx, you also need to approach it from the perspective of creativity rather than pure delivery.

Forcing devs to respond to tickets and trawl through libraries may produce results in the short term, but high quality software is downstream of development culture. And getting that right means prioritizing intrinsic metrics that developers care about over extrinsic ones focused only on outcomes.

How can Cortex help?

Let's recap on what's needed to build high quality software. You need to drive standards in the software production process with continuous improvement initiatives and environmental health, as well as product outcome around product functionality, maintainability and performance. You also need to build and embed a culture that prioritizes the needs of developers and empowers them to collaborate and deliver deep work.

To effectively measure and enhance software quality, you need more than just a hunch and a spreadsheet. You need a comprehensive platform that integrates with your toolset and fosters a culture of continuous quality. Cortex is that platform.

Centralizing data and standards across all tools

Cortex’s fully custom catalogs, 50+ out of the box integrations, the ability to bring in custom data, and a rich plugin architecture enables teams to build new data experiences that best fit developer workflows. Any standard that governs how code is written, tested, secured, reviewed, or deployed can be unified, and even re-segmented by team, type, domain, or exemption status, to ensure all components are managed in context.

Applying always-on standards for continuous alignment

Because Cortex is a one-stop-shop for all your data and documentation, it can also serve as a means of continuously monitoring alignment to all software standards you define in a Scorecard. If code is updated, ownership changes, new tools are adopted, or old packages hit end-of-life, Cortex makes it easy to see what needs attention.

Providing approved templates to ship quality code quickly

Cortex enables teams to not only build production readiness standards into templates with boilerplate code, but also initiate any workflow from within the platform using a customizable HTTP request. So developers can do things like:

  • Make an API call to AWS
  • Deploy a service
  • Provision a resource
  • Assign a temporary access key
  • Create a JIRA ticket, or any other action that would help the developer complete a task, or in this case, their production readiness framework.

If you’re interested in turning your production readiness checklist into a continuous framework, check out our production readiness product tour. Or try out Cortex for yourself by booking a custom demo!

Lauren Craigie
What's driving urgency for IDPs?